DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NH: Pathology lab doctors say WDH punishing them for reporting privacy breaches by rogue employee

Posted on November 27, 2009 by Dissent

Adam D. Krauss reports on a case of what seems to involve patient record tampering without any clear financial or other motivation. In a fairly detailed story, Krauss discusses some of both the privacy and data security issues:

Two doctors who run the pathology lab at Wentworth-Douglass Hospital say they’ll soon be out of a job because WDH President and CEO Gregory Walker is punishing them after they discovered “massive and systematic violations of patients’ privacy” by a rogue hospital employee.

Dr. Cheryl Moore and Dr. Glen Littell, who run the contracted and independent Piscataqua Pathology Associates, laid out their case in a recent letter to members of the WDH board of trustees, explaining how the hospital is ending a 28-year relationship with their practice three years after they first became suspicious of the employee breaching patient privacy.

The breach took place between May 21, 2006, and June 29, 2007, at the hands of a hospital employee who improperly altered 1,500 reports and accessed them 1,847 times, according to a copy of the letter obtained by Foster’s.

WDH spokeswoman Noreen Biehl confirmed the employee was terminated when an audit revealed the employee was behind the problem, and she stressed patient safety was not compromised.

Here’s the part of the story concerning the security aspects:

The doctors’ letter to trustees claims the ex-employee, who was not employed by Piscataqua Pathology Associates, infiltrated the reports on hospital time “utilizing passwords the Hospital failed to change.” Biehl said she did not know enough to explain whether that allegation meant the ex-employee retained access rights to the software used in the pathology lab beyond a point she was supposed to.

The letter does not detail the motivation of the ex-employee, and Biehl said she did not know what caused the worker to act.

The breach is just now coming to light because an audit launched to survey the damage was not completed until late May, the result of Walker allocating “so few resources to the investigation,” forcing a single hospital employee who works as a pathology lab aide to take on the task herself, the letter says.

More on the audit’s revelations:

Other audit findings include 63 unauthorized entries in the computer software to view 23 different autopsy cases, including once to change the date and time of a patient’s death. There were single instances of removing clinical history from a case, removing information related to imaging, changing tissue sample location sites and removing doctors’ dictation from a file. There were also more than 90 cases where the ex-employee prevented physicians from receiving patients’ pathology results directly through an automated fax system.

The audit says there were 862 unauthorized viewings, about half the total number of unauthorized instances, where it is nearly impossible to determine if there were changes.

Read more on Fosters.com.

Related posts:

  • No need to hack if it’s leaking, Wednesday edition: Wyoming Department of Health
  • Autopsy reports altered in data breach at WDH: Frisbie says it will notify families of deceased
  • Autopsy reports altered in data breach at WDH: Frisbie says it will notify families of deceased
  • Attorney for doctors in WDH privacy breach disputes AG’s finding
Category: Breach IncidentsHealth DataInsiderU.S.

Post navigation

← NZ: International gang suspected in massive carpark scam
NH: Mayor’s e-mail used for 650,000 messages →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.